Make propagate_env_vars scan regex more secure10694-propagate-env-vars-for-gitlab-own-ci-sast-depscan-ce

author: Victor Zagorodny <vzagorodny@gitlab.com> 2019-04-29 23:45:05 +0300
committer: Victor Zagorodny <vzagorodny@gitlab.com> 2019-04-29 23:47:00 +0300
commit: 30ce01c2f45ccc9288d806d8e071d77005717802 (patch)
tree: 2f81059746cf9d86bf7a37bacbd6eded18994fc4
parent: da9859d7ee8091e1cab9e10c5125dab75ffe34c0 (diff)
download: gitlab-ce-10694-propagate-env-vars-for-gitlab-own-ci-sast-depscan-ce.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml
index 2e925d58a87..d0e09dbf2f8 100644
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -31,7 +31,7 @@ sast:
         CURRENT_ENV=$(printenv)
 
         for VAR_NAME; do
-          echo $CURRENT_ENV | grep $VAR_NAME > /dev/null && echo "--env $VAR_NAME "
+          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
         done
       }
     - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
@@ -75,7 +75,7 @@ dependency_scanning:
         CURRENT_ENV=$(printenv)
 
         for VAR_NAME; do
-          echo $CURRENT_ENV | grep $VAR_NAME > /dev/null && echo "--env $VAR_NAME "
+          echo $CURRENT_ENV | grep "${VAR_NAME}=" > /dev/null && echo "--env $VAR_NAME "
         done
       }
     - |
author	Victor Zagorodny <vzagorodny@gitlab.com>	2019-04-29 23:45:05 +0300
committer	Victor Zagorodny <vzagorodny@gitlab.com>	2019-04-29 23:47:00 +0300
commit	30ce01c2f45ccc9288d806d8e071d77005717802 (patch)
tree	2f81059746cf9d86bf7a37bacbd6eded18994fc4
parent	da9859d7ee8091e1cab9e10c5125dab75ffe34c0 (diff)
download	gitlab-ce-10694-propagate-env-vars-for-gitlab-own-ci-sast-depscan-ce.tar.gz